Installing Local Groups -- Registry Permissions Error
Jun 19, 2006
Hi
installing sql express sp1 on SBS Win 2000 box
It's up to database services, and then fails - i've tried this a number of times.
The message box says "The installer has encountered an unexpected error. The code is 2380. Error opening file for write. GetLastError: SoftwareMicrosoftMicrosoft SQL ServerMSSQL.1Setup"
The admin account did not have full admin privileges for this key and subkey- why ?
I was installing under the domain administrator account....
I fixed this, and now the latest error is as follows from the log
QL_ERROR (-1) in OdbcConnection::connect
sqlstate=08001, level=-1, state=-1, native_error=21, msg=[Microsoft][SQL Native Client]Encryption not supported on the client.
sqlstate=08001, level=-1, state=-1, native_error=21, msg=[Microsoft][SQL Native Client]Client unable to establish connection
sqlstate=08001, level=-1, state=-1, native_error=0, msg=[Microsoft][SQL Native Client]An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections.
Error Code: 0x80070015 (21)
Windows Error Text: The device is not ready.
Source File Name: libodbc_connection.cpp
Compiler Timestamp: Wed Oct 26 16:37:41 2005
Function Name: OdbcConnection::connect@connect
Source Line Number: 148
We are trying to configure registry settings to allow sql server service to run on a service account in SQL Server 2005. The registry has changed quite a bit from SQL 2000, and we are missing a setting in the software keys that causes sql server service not to start. If we apply permissions to all of HKEY_LOCAL_MACHINE/SOFTWARE, then the service starts, however company security policies do not allow this. Are there any specific keys we should look at, other than the obvious Microsoft/Microsoft SQL Server and Microsoft/MSSQL keys, in which we have already granted permissions to the service account?
I am posting this to hopefully help someone else that encounters the same issue in the future...
Server: SBS 2003 Premium, with exchange and with all service packs/patches applied. Server-name: NEWSERVER Server migrated from: OLDSERVER Important notes:
This server was migrated from another SBS 2003 on different HW following the instructions provided by microsoft. The oldserver had exchange and sql 2005 installed on it. The new server has Office Accounting 2005 installed, but I don't think that matters...
I am trying to install SQL 2005 from the SBS2003-R2 DVD onto the new server, and get the following error:
Error: ---
TITLE: Microsoft SQL Server 2005 Setup ------------------------------
SQL Server Setup failed to modify security permissions on registry key SOFTWAREMicrosoftMicrosoft SQL ServerMSSQL.2MSSQLServerSuperSocketNetLib for user Administrator. To proceed, verify that the account and domain running SQL Server Setup exist, that the account running SQL Server Setup has administrator privileges, and that the registry key exists on the destination drive.
For help, click: http://go.microsoft.com/fwlink?LinkID=20476&ProdName=Microsoft+SQL+Server&ProdVer=9.00.1399.06&EvtSrc=setup.rll&EvtID=29508&EvtType=sqlca%5csqlsddlca.cpp%40Do_sqlRegSDDL%40ExceptionInSDDL%40x7344
I looked in the registry, and the administrators group has full control over this key.
Digging into the SQLSETUP log file, at the end I see: ---
Configuring ACL: Object: HKLMSOFTWAREMicrosoftMicrosoft SQL ServerMSSQL.2MSSQLServerSuperSocketNetLib ACL: (A;CI;KR;;;[SQLServer2005SQLBrowserUser$NEWSERVER])(A;CI;KR;;;NS) Action: 0x100 Failed ACL: ReplaceSDDLSid is failed at the error code 1332; Converted SDDL: '(A;CI;KR;;;[SQLServer2005SQLBrowserUser$NEWSERVER])(A;CI;KR;;;NS)' Error Code: 0x80077344 (29508) Windows Error Text: Source File Name: sqlcasqlsddlca.cpp Compiler Timestamp: Tue Sep 13 01:08:29 2005 Function Name: ExceptionInSDDL Source Line Number: 65
---
Looking into AD Users+Computers, there is not a group present for SQLServer2005SQLBrowserUser$NEWSERVER but there is one for SQLServer2005SQLBrowserUser$OLDSERVER.
It appears that the install did not create the new group that was necessary..
Once I duplicated the OLDSERVER group, renaming it to have NEWSERVER, the installation completed without error.
I hope this saves someone else a few hours of pain.
I am converting a relatively large multi-user Access 97 database toSQL Server 2000. I use about a dozen groups to manage security,providing graduated levels of access to each group. I read that inSQL Server a user can belong to only two groups, "users" and oneother. If this is true, can someone point me in the right directionas to how I could get around this limitaion?Thanks,Bob C.
This is regarding permission issue in windows-authenticated sql server 2000.
I have two NT groups namely A & B.
Groups A has all permissions on SQLDB1 while group B has all on SQLDB1 and SQLDB2.
Since I dont want B to have INS/UPD/DEL rights on SQLDB1, I revoked those permissions for B on the same. But users belonging to both groups suffer INS/UPD/DEL rights on SQLDB1.
Hello, In NT MS suggests putting global groups into local groups and then assigning object permissions to those local groups in NTFS. I was wondering if this pattern should be followed in SQL server when assigning permissions to integrated login accounts. Is it better to use global groups or local groups?
I am having a problem with permissions using Windows groups. I have a database (database1) that has permissions granted via Windows groups. Two groups (group1 and group2) are members of the db_datareader role in database1, and this work fine. Do to the number of tables that get created during our work, using db_datareader is the easiest way to keep up with permissions without creating a maintenance problem. Now I have a table that I want to add to this database, but I only want group2 to have select permission on this one table which is a problem because group1 has the db_datareader role. So I thought I could create a view in this database to the restricted table that I put in database2. Then in database2 I only added group2 as a user with the permission to select from this table. Unfortunately the group membership does not seem to get interpretted correctly in database2 and no one can successfult select from the view in database1.
In other words, user1 who belongs to group1 connects to database1 and cannot select from the restricted view -- this is what I would expect. However, when user2 who belongs to group2 connects to database1 they also cannot select from the restricted view -- not the behvior I would expect. Now, if I make user2 a user in database2 with select on the restricted table then user2 can connect to database1 and successfuly get data from the restricted view. So it looks like the fact that user2 belongs to group2 is never passed to database2 via the select from the view on database1. Is this indeed the way that Windows group security is working or is meant to work in SQL Server?
I realize I could solve this simplified version of the problem by creating my own role in database1 for group1 etc., but I am trying to solve a bigger problem in our environment that has hundreds of databases across numerous servers.
Hi im trying to install Sql Server 2005 but it says i need to Increment the Counter Registry Key for Setup in SQL Server 2005 before doing so. Im following the guide at http://msdn2.microsoft.com/en-us/library/ms143215.aspx but in my registry the folder HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionPerflibdoesnt contain any keys"Last Counter"=dword:00000ed4 (5276)"LastHelp"=dword:00000ed5 (5277) or any key for that matter.How can i fix this?
I have a clustered server environment where three of the SQL Server local groups were not created during installation. One of these missing groups is SQLServer2005SQLAgentUser$ComputerName$InstanceName, and this is causing problems with trying to automate replication.
How do I create this group after I have installed SQL Server?
We have a problem authenticating domain users contained in local machine user groups across multiple web servers in a scale out deployment.
When we originally setup our single SSRS database server we were told the a best practice is to add domain users to local user groups on the SSRS machine.
Now we want to add more web servers and create a scale-out deployment. So, we added the web servers and configured the scale-out deployment. But, only administrators can see the reports since all of our SSRS roles are assigned permissions such as "Machine1User_Group".
We were told that we have to create identical local groups on Machine2 and Machine3 and then add them to the SSRS roles. This is prohibitive since it would mean managing 3 identical user groups containing thousands of domain users.
Is there a better way to do this without using Domain User Groups?
I am trying to sync (using SQL Server 2005) and have set the Interactive Conflict Resolver to be used, however when I sync it fails with this error:
The merge process failed to get correct information about the Interactive Resolver component from the registry. Verify that the registry exists and that the path is correct
Anyone ever see this before and know how to resolve it? I've looked all over.Thanks guys,Chris
what are the minimum required permissions for being allowed to deploy a report? When I try to deploy a report in BIDS I get the error message that my user has not sufficient rights for doing so.
Some key data for my configuration:
Windows Server 2003 Standard Edition with Service Pack 1 SQL Server 2005 Standard Edition with Service Pack 1 I'm not a local administrator, but I have administration rights for SQL Server and Analysis Services I'm in the Reporting Services' system administrator and system user groups
I can access http://localhost/Reports, but not http://localhost/ReportServer I have access to the directory (incl. subdirectories) MSSQL.2, but not to MSSQL.1MSSQL and MSSQL3Reporting Services I can't run the Reporting Services Configuration Tool (see http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1565766&SiteID=1) I can't connect to Reporting Services in SQL Server Management Studio
My question is (as I have already mentioned in the beginning): what are the minimum rights the IT administrator has to assign to my user so that I'll be able to deploy reports? Giving me local administrator rights is not possible.
Thanx in advance and kind regards, Gerald
Update:
In the meantime I have found out, that I'm most probably not a member of the Publisher role. But although I am in the System Administrator role I cannot assign myself to this role. When going to http://localhost/Reports the required links are just not visible. Is this because I'm not a member of the groups SQLServer2005ReportServerUser$... and SQLServer2005ReportingServicesWebServerUser$... ?
I recently installed an evaluation copy of SQL Server 2005 Enterprise Edition on my local machine and during the installation I used Local System system account for the SQL Server service and set the server to use Mixed Mode authentication.
I am able to connect to this local server Database Engine with my Windows login through SQL Server Management Studio and am able to perform sysadmin tasks. My question is why?
My thinking was that even though my Windows login would provide me a connection to the server, I would still have to manually add this login to the sysadmin server roles but after checking the sysadmin role, my Windows login isn't in there. The Windows login is not found under Security - Logins in SSMS either.
Can someone tell me should details for the login be visible on the server and why it seems to have sysadmin permissions ?
I have a new SQL 2005 (SP2) Reporting Services server to which I've just upgraded and deployed some SSRS 2000 reports.
I have a subreport that contains a matrix with two groups. The report data seems to be inexplicably repeating the data for the first row in the group for all rows in the group. Example:
ID1 ID2 DisplayData
1 1 A
1 2 B
1 3 C
2 1 A
2 2 B
2 3 C
Parent group is on ID1, child group is on ID2, report would show:
1 1 A
2 A
3 A
2 1 A
2 A
3 A
Is this a matrix bug in 2005 SP2, or do I need to do something differently? I can no longer pull a comparison version from an SSRS 2000 server to verify, but I believe it was working as expected before...
I'm currently receiving the following error message whilst attempting to install SQL Server 2005 Standard Edition on Windows Server 2003 (32 Bit): Error 29528. The setup has encountered an unexpected error while Installing performance counters. The error is: The system cannot find the file specified.
This server already has an install of SQL Server 2000 as the default instance. I'm attempting to install a new named instance of SQL Server 2005.
Extract from log:
<Func Name='LaunchFunction'> Function=Do_sqlPerfmon2 <Func Name='GetCAContext'> <EndFunc Name='GetCAContext' Return='T' GetLastError='0'> Doing Action: Do_sqlPerfmon2 PerfTime Start: Do_sqlPerfmon2 : Tue Jun 12 10:20:02 2007 <Func Name='Do_sqlPerfmon2'> <EndFunc Name='Do_sqlPerfmon2' Return='0' GetLastError='2'> PerfTime Stop: Do_sqlPerfmon2 : Tue Jun 12 10:20:02 2007 MSI (s) (4C:FC) [10:20:02:833]: Executing op: ActionStart(Name=Rollback_Do_sqlPerfmon2.D20239D7_E87C_40C9_9837_E70B8D4882C2,Description=Removing performance counters,) <EndFunc Name='LaunchFunction' Return='0' GetLastError='0'> MSI (s) (4C:FC) [10:20:02:849]: Executing op: CustomActionSchedule(Action=Rollback_Do_sqlPerfmon2.D20239D7_E87C_40C9_9837_E70B8D4882C2,ActionType=1281,Source=BinaryData,Target=Rollback_Do_sqlPerfmon2,CustomActionData=100Removing performance counters200000DTSPipelineC:Program FilesMicrosoft SQL Server90DTSBinnDTSPERF.INI) MSI (s) (4C:FC) [10:20:02:849]: Executing op: ActionStart(Name=Do_sqlPerfmon2.D20239D7_E87C_40C9_9837_E70B8D4882C2,Description=Installing performance counters,) MSI (s) (4C:FC) [10:20:02:849]: Executing op: CustomActionSchedule(Action=Do_sqlPerfmon2.D20239D7_E87C_40C9_9837_E70B8D4882C2,ActionType=1025,Source=BinaryData,Target=Do_sqlPerfmon2,CustomActionData=100Installing performance counters200000C:Program FilesMicrosoft SQL Server90DTSBinnDTSPERF.INIC:Program FilesMicrosoft SQL Server90DTSBinnDTSPERF.HC:Program FilesMicrosoft SQL Server90DTSBinnDTSPipelinePerf.dllDTSPipeline0DTSPipelinePrfData_OpenPrfData_CollectPrfData_Close) MSI (s) (4C:94) [10:20:02:864]: Invoking remote custom action. DLL: C:WINDOWSInstallerMSI1683.tmp, Entrypoint: Do_sqlPerfmon2 <Func Name='LaunchFunction'> Function=Do_sqlPerfmon2 <Func Name='GetCAContext'> <EndFunc Name='GetCAContext' Return='T' GetLastError='0'> Doing Action: Do_sqlPerfmon2 PerfTime Start: Do_sqlPerfmon2 : Tue Jun 12 10:20:02 2007 <Func Name='Do_sqlPerfmon2'> <EndFunc Name='Do_sqlPerfmon2' Return='2' GetLastError='2'> PerfTime Stop: Do_sqlPerfmon2 : Tue Jun 12 10:20:02 2007 Gathering darwin properties for failure handling. Error Code: 2 MSI (s) (4C!F0) [10:23:46:381]: Product: Microsoft SQL Server 2005 Integration Services -- Error 29528. The setup has encountered an unexpected error while Installing performance counters. The error is: The system cannot find the file specified.Error 29528. The setup has encountered an unexpected error while Installing performance counters. The error is: The system cannot find the file specified.
You can ignore this and it will complete the installation, but subsequently trying to patch with SP2 will fail on the same sections - Hotfix.exe crashes whilst attempting to patch Database Services, Integration Services and Client Components (3 separate crashes).
I've removed SQL Server 2005 elements and tried to re-install, but it's not improved the situation.
I am facing a peculier problem. Problem definition goes like this,
I have one staging DB in which all the tables resides in Primary file and one production DB in which tables resides in 2 secondary files.
Now when iam trying to load the data from the table A in staging which is on primary file to the table A1 in production DB which in secondary file, all the data are going to error log instead of table A1.
Please, i need a very urgent help, for this question... tkssss :-)
I need to create a report with dynamic columns. I try use Matrix, but in this time, i dont konw how to calcutate the subtotal e groups in the correct way.
The data for generate the report ( http://xs116.xs.to/xs116/07233/DataReport.JPG ) This is the actual report ( 2 rows groups and 1 columns group ) ok, but how group dates now ? ( http://xs116.xs.to/xs116/07233/ReportInvalid.JPG The correct report i need( if is possible?) (http://xs116.xs.to/xs116/07233/ReportOK.JPG) I need group by Filial (idFilial) Dates (Dta) and inside dates the Dispositivos(NomeDispositivo or IdDispositivo) of the date.... and finally total all by group Filial (idFilial)...
I'm having an issue running the clustering algorithm in the data mining view of Visual Studio. The databases connect properly and the data subsequently loads. However, upon clicking on the "Mining Model Viewer" tab, I receive the following error message:
Errors in the metadata manager. The D Msample ~MC cube has no measure groups. Errors in the metadata manager. An error occurred when loading the D Msample ~MC cube, from the file, '\?C:Program FilesMicrosoft SQL ServerMSSQL.2OLAPDataewDM_sample.0.dbD Msample ~MC.2.cub.xml'.
We are not using a data cube, so I am assuming that this file is being called through the clustering algorithm. Furthermore, I have run the same process on different systems successfully. The only difference I can detect is that this error resulted on a 64bit system.
I have tried installing SQL Express using the latest download. I've also intalled the latest Windows Installer (3.1) but I have the following error message (taken from log). All contributions gratefully accepted
An error occurred in the system, and last operation may not have completed: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified) The above error I get when I like to connect to a db for a wiki. It's on localhost and everything I found on the internet I tried. Remote connections are not relevant because it's local. Have I something forgotten?? SQL Server 2005, Asp.net 2.0
I am getting the "Error Locating Server/Instance Specified" message. The part I find most confusing is that I am connecting to my database locally. I have read the recommendations on the blog posted here:
and implemented them to no avail. The confusing part is that I only have this problem on one particular application, which I am not the original author of. When I build my connection to the very same server (different database) using the Data Source configuration wizard, it works just fine. Any help would be greatly appreciated.
I have a request from one of our researchers to upgrade to CTP SP2. I am getting the error message:
MSP Error: 29506 SQL Server Setup failed to modify security permissions on file C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLData for user Administrator. To proceed, verify that the account and domain running SQL Server Setup exist, that the account running SQL Server Setup has administrator privileges, and that exists on the destination drive.
I added serveradministrators - full control to the permissions of Data, but it still does not work.
Has anyone else ran into this, and how do I fix it?
I had found one or two other questions about this, but neither of them seemed to be the same as my instance, and there solutions were not valid for me.
I purchased the Build a Program Now MS Visual C# 2005 Express Edition book with CD.
This was installed by the auto installer on the disk. which included the SQL Express 2005 version.
I have used the Visual Express C# interface, build a small program, created the database, created tables. all went well. I can even add data, and so forth.
My problem came when I went to click on database Diagrams in the Database Explorer.
I get a Dialog box stating
" This Database does not have a valid dbo user or you do not have permissions to impersonate the dbo user, so database diagramming is not available. Do you want to make yourself the dbo of this database in order to use the database diagramming?"
two options are Yes and No.
If I choose yes, I get the following dialog box stating,
" This databse does not have a valid dbo user or you do not have permissions to impresonate the dbo user, so database diagramming is not available. Ensure the dbo account is valid and ensure you have imprersonate permission on the dbo account."
One button, OK.
I have searched every where I can think of to try to figure out how to set / alter the dbo user info / permissions.
Hi all,I having problems connecting to my local database through my asp.net site. I'm able to connect to the database using Query Analyzer with the following connection properties:Server: localSql Server Authentication: checkedUser Name: saand the Password is left blankThis is the connection string i'm using on the website:Data Source=local;Initial Catalog=myDatabaseName;User ID=sa;Password=;This is the error i'm getting:An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) Any suggestions appreciated.Thanks
Error when trying to schedule a local DTS package.
Package Error message is...
Microsoft SQL-DMO (ODBC SQLState 42000] [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
Hi thereI am new to this forum and I was wondering if someone could help out.I am marked as "dbo" on a SQL Server database. Attached to this DB is apublication. When I right click > properties SQL Server gives me Error 7201Any ideas as to how I can get over this? Is it permissions related?Thanks
I'm stumped on this trigger error and I'm hoping someone can help. Here's the background:
BACKGROUND Running SQLServer2005 on WinServer 2003 RC2. We use a SQL-based business application that has it's own alert system that uses database mail sucessfully, meaning the built-in emailing functions of the application work and can communicate with the database mail profile and send mail without error.
PROBLEM I'm trying to write a trigger that will automatically send out an email alert after certain actions are performed in the business application. When I enable the trigger and it tries to run it fails with the following error:
SQLDBCode: 229Alerts error: SQLSTATE = 4200Microsoft OLE DB Provider for SQL ServerEXECUTE permission denied on object 'sp_send_dbmail', database 'msdb', schema 'dbo'...
TROUBLESHOOTING I've seen several articles about DatabaseMailUserRole permissions and have made sure that all users, admin and even guest (for testing) are members of this role. Other than that our setup is pretty vanilla so I'm not sure what else to do.
We only have one large dbase for the app and the fact that the internal emailing fuction works makes me think that the permissions for the msdb are already correct (although I could be wrong)
This problem is driving me crazy so I thank you in advance for any suggestions!
We have a windows forms app (VB.NET) that uses SQL Server 2005 Express in user instance mode. We have installed the app on hundreds of Win2K and WinXP PCs without any problems, but have run into an issue with one customer's site. They are running Win2K SP4 and we have installed the application on a couple of PCs at the customer's site to determine if it is environmental. The error occurs as the program is starting up the user instance of the database:
Error information:
System.InvalidOperationsException: An error occurred creating the form. See Exception.InnerException for details.
The error is: User does not have permission to perform this action, ---> System.Data.SqlClient.SqlException: User does not have permission to perform this action.
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.TrhowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbCOnnectionOptions option, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection)
at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options)
at System.Data.ProviderBase.DbConnectionPool.CreateObject(dbConnection owningObject)
at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject)
at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject)
at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbCOnnection owningConnection)
at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbCOnnection outerConnection, DbConnectionFactory connectionFactory)
at System.Data.SqlClient.SqlConnection.Open()
This error occurs at the first attempt to write to the database during the program startup. Any ideas?
I'm just starting out here. I created a simple formview connected to a local file copy of the database by adding the database into the project. It worked fine. However, I noticed that this copy of the database was not synch'ing with the database with the same name in SQL express. So I created a new connections string to access the SQL database directly out of SQL express. Its just a simple Select * from column. However, this gives an error. Why? Server Error in '/NETCatMgr' Application.
The data types ntext and nvarchar are incompatible in the equal to operator. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: The data types ntext and nvarchar are incompatible in the equal to operator.
This is the connection string <add name="CatalogMgrConnectionString" connectionString="Data Source=mymachinesqlexpress;Initial Catalog=CatalogSQL;Integrated Security=True" providerName="System.Data.SqlClient" />
Doesn't make sense. How can the formview work fine with the SQL integrated into the project but not working with a connection string to the SQL Express proper???